Threat Intelligence-based Ethical Red Teaming
Security Alliance is one of the leading providers of TIBER-EU threat intelligence assessments. We have extensive experience delivering TIBER-EU engagements, providing a comprehensive analysis of an organisation’s threat landscape and digital footprint.
We have delivered TIBER-EU engagements since the programme’s inception, including pilot projects and framework development support; no one is better placed to deliver a TIBER-EU Threat Intelligence Assessment.
Our unique, structured approach to performing this service provides clients with a clear picture of the most likely and dangerous threats they face.
The TIBER-EU framework is a pioneering process using intelligence-led resilience assessments that is driven by the European Central Bank (ECB). The TIBER-EU framework is adapted and administered at national level by their associated Central Banks or Authorities (for example, TIBER-NL, TIBER-BE, TIBER-DE, TIBER-DK etc).
It applies to systemically critical organisations in the European Union's financial services sector. The core principle is that Firms are tested against realistic threat scenarios that are generated by qualified Threat Intelligence providers. Ultimately, this means that testers engage in scenarios mimicking the most credible attackers, using relevant and up-to-date tactics, techniques, and procedures (TTPs).
In line with TIBER-EU requirements, Security Alliance provide two CTI reports; the Threat Intelligence Assessment and the Targeting Assessment:
We perform detailed analysis of a client’s threat landscape. It is an external assessment leveraging structured analytical techniques to identify the most relevant threat actors based on the organisation and its critical business functions. This leads to the creation of realistic threat scenarios, which are simulated by a TIBER red team during the testing phase. Scenarios are underpinned by threat level scoring, relevant use cases, and threat actor profiling. Scenarios also fuse in relevant findings from the Targeting Assessment and include all associated MITRE ATT&CK® tactics, techniques, and sub-techniques.
We perform an in-depth review of an organisation’s attack surface from the perspective of a threat actor. The purpose is to perform attacker-like reconnaissance against the organisation, its assets and its people and to explain how this information, gathered through technical and manual collection techniques, can be leveraged by the threat actor to mount an attack. These findings along with the TTPs of the threat actor feed into the final attack scenarios which are then used by the TIBER red teams to mimic a real world attack.